pull/67/head
Andy Wermke 12 years ago
commit bf3084b608

@ -1,6 +1,8 @@
CHANGELOG Roundcube Webmail
===========================
- Fix handling of invalid characters in message headers and output (#1489032)
- Fix selecting collapsed rows on select-all (#1489036)
- Fix possible header duplicates when using additional headers (#1489033)
- Fix session issues with use_https=true (#1488986)
- Fix blockquote width in sent mail (#1489031)

@ -780,10 +780,16 @@ shift_select: function(id, control)
if (!this.rows[this.shift_start] || !this.selection.length)
this.shift_start = id;
var n, from_rowIndex = this.rows[this.shift_start].obj.rowIndex,
to_rowIndex = this.rows[id].obj.rowIndex,
i = ((from_rowIndex < to_rowIndex)? from_rowIndex : to_rowIndex),
j = ((from_rowIndex > to_rowIndex)? from_rowIndex : to_rowIndex);
var n, i, j, to_row = this.rows[id],
from_rowIndex = this.rows[this.shift_start].obj.rowIndex,
to_rowIndex = to_row.obj.rowIndex;
if (!to_row.expanded && to_row.has_children)
if (to_row = this.rows[(this.row_children(id)).pop()])
to_rowIndex = to_row.obj.rowIndex;
i = ((from_rowIndex < to_rowIndex) ? from_rowIndex : to_rowIndex),
j = ((from_rowIndex > to_rowIndex) ? from_rowIndex : to_rowIndex);
// iterate through the entire message list
for (n in this.rows) {
@ -829,7 +835,7 @@ select_all: function(filter)
for (n in this.rows) {
if (!filter || this.rows[n][filter] == true) {
this.last_selected = n;
this.highlight_row(n, true);
this.highlight_row(n, true, true);
}
else {
$(this.rows[n].obj).removeClass('selected').removeClass('unfocused');
@ -924,7 +930,7 @@ get_single_selection: function()
/**
* Highlight/unhighlight a row
*/
highlight_row: function(id, multiple)
highlight_row: function(id, multiple, norecur)
{
if (!this.rows[id])
return;
@ -940,7 +946,7 @@ highlight_row: function(id, multiple)
if (!this.in_selection(id)) { // select row
this.selection.push(id);
$(this.rows[id].obj).addClass('selected');
if (!this.rows[id].expanded)
if (!norecur && !this.rows[id].expanded)
this.highlight_children(id, true);
}
else { // unselect row
@ -950,7 +956,7 @@ highlight_row: function(id, multiple)
this.selection = a_pre.concat(a_post);
$(this.rows[id].obj).removeClass('selected').removeClass('unfocused');
if (!this.rows[id].expanded)
if (!norecur && !this.rows[id].expanded)
this.highlight_children(id, false);
}
}
@ -968,7 +974,7 @@ highlight_children: function(id, status)
for (i=0; i<len; i++) {
selected = this.in_selection(children[i]);
if ((status && !selected) || (!status && selected))
this.highlight_row(children[i], true);
this.highlight_row(children[i], true, true);
}
},

@ -35,6 +35,7 @@ class html
public static $common_attrib = array('id','class','style','title','align');
public static $containers = array('iframe','div','span','p','h1','h2','h3','form','textarea','table','thead','tbody','tr','th','td','style','script');
/**
* Constructor
*
@ -332,7 +333,16 @@ class html
*/
public static function quote($str)
{
return @htmlspecialchars($str, ENT_COMPAT, RCUBE_CHARSET);
static $flags;
if (!$flags) {
$flags = ENT_COMPAT;
if (defined('ENT_SUBSTITUTE')) {
$flags |= ENT_SUBSTITUTE;
}
}
return @htmlspecialchars($str, $flags, RCUBE_CHARSET);
}
}

@ -85,12 +85,13 @@ class rcube_message
$this->headers = $this->storage->get_message($uid);
if (!$this->headers)
if (!$this->headers) {
return;
}
$this->mime = new rcube_mime($this->headers->charset);
$this->subject = $this->mime->decode_mime_string($this->headers->subject);
$this->subject = $this->headers->get('subject');
list(, $this->sender) = each($this->mime->decode_address_list($this->headers->from, 1));
$this->set_safe((intval($_GET['_safe']) || $_SESSION['safe_messages'][$this->folder.':'.$uid]));
@ -125,15 +126,11 @@ class rcube_message
*/
public function get_header($name, $raw = false)
{
if (empty($this->headers))
if (empty($this->headers)) {
return null;
}
if ($this->headers->$name)
$value = $this->headers->$name;
else if ($this->headers->others[$name])
$value = $this->headers->others[$name];
return $raw ? $value : $this->mime->decode_header($value);
return $this->headers->get($name, !$raw);
}

@ -215,7 +215,12 @@ class rcube_message_header
$value = $this->others[$name];
}
return $decode ? rcube_mime::decode_header($value, $this->charset) : $value;
if ($decode) {
$value = rcube_mime::decode_header($value, $this->charset);
$value = rcube_charset::clean($value);
}
return $value;
}
/**

@ -220,9 +220,9 @@ if (!empty($msg_uid) && empty($COMPOSE['as_attachment']))
}
}
else if ($compose_mode == RCUBE_COMPOSE_DRAFT) {
if ($MESSAGE->headers->others['x-draft-info']) {
if ($draft_info = $MESSAGE->headers->get('x-draft-info')) {
// get reply_uid/forward_uid to flag the original message when sending
$info = rcmail_draftinfo_decode($MESSAGE->headers->others['x-draft-info']);
$info = rcmail_draftinfo_decode($draft_info);
if ($info['type'] == 'reply')
$COMPOSE['reply_uid'] = $info['uid'];
@ -239,8 +239,8 @@ if (!empty($msg_uid) && empty($COMPOSE['as_attachment']))
}
}
if ($MESSAGE->headers->in_reply_to)
$COMPOSE['reply_msgid'] = '<'.$MESSAGE->headers->in_reply_to.'>';
if ($in_reply_to = $MESSAGE->headers->get('in-reply-to'))
$COMPOSE['reply_msgid'] = '<' . $in_reply_to . '>';
$COMPOSE['references'] = $MESSAGE->headers->references;
}

@ -24,10 +24,10 @@ if (!$OUTPUT->ajax_call)
return;
// move messages
if (!empty($_POST['_uid']) && !empty($_POST['_target_mbox'])) {
$uids = get_input_value('_uid', RCUBE_INPUT_POST);
if (!empty($_POST['_uid']) && strlen($_POST['_target_mbox'])) {
$uids = get_input_value('_uid', RCUBE_INPUT_POST);
$target = get_input_value('_target_mbox', RCUBE_INPUT_POST, true);
$mbox = get_input_value('_mbox', RCUBE_INPUT_POST, true);
$mbox = get_input_value('_mbox', RCUBE_INPUT_POST, true);
$copied = $RCMAIL->storage->copy_message($uids, $target, $mbox);
@ -47,7 +47,7 @@ if (!empty($_POST['_uid']) && !empty($_POST['_target_mbox'])) {
}
// unknown action or missing query param
else {
exit;
$OUTPUT->show_message('internalerror', 'error');
}
// send response

@ -896,7 +896,7 @@ function rcmail_washtml_callback($tagname, $attrib, $content, $washtml)
* return table with message headers
*/
function rcmail_message_headers($attrib, $headers=null)
{
{
global $OUTPUT, $MESSAGE, $PRINT_MODE, $RCMAIL;
static $sa_attrib;

@ -113,7 +113,7 @@ if (($uids = get_input_value('_uid', RCUBE_INPUT_POST)) && ($flag = get_input_va
$OUTPUT->command('set_rowcount', rcmail_get_messagecount_text($msg_count), $mbox);
if ($threading) {
$count = get_input_value('_count', RCUBE_INPUT_POST);
$count = get_input_value('_count', RCUBE_INPUT_POST);
}
// add new rows from next page (if any)
@ -125,9 +125,9 @@ if (($uids = get_input_value('_uid', RCUBE_INPUT_POST)) && ($flag = get_input_va
}
}
}
$OUTPUT->send();
}
else {
$OUTPUT->show_message('internalerror', 'error');
}
exit;
$OUTPUT->send();

@ -74,6 +74,8 @@ else if ($RCMAIL->action=='delete' && !empty($_POST['_uid'])) {
}
// unknown action or missing query param
else {
$OUTPUT->show_message('internalerror', 'error');
$OUTPUT->send();
exit;
}

@ -109,7 +109,7 @@ if ($uid) {
$OUTPUT->set_env('skip_deleted', true);
if ($CONFIG['display_next'])
$OUTPUT->set_env('display_next', true);
if ($MESSAGE->headers->others['list-post'])
if ($MESSAGE->headers->get('list-post', false))
$OUTPUT->set_env('list_post', true);
if ($CONFIG['forward_attachment'])
$OUTPUT->set_env('forward_attachment', true);

Loading…
Cancel
Save